Commits
Alexey Kuznetsov authored and Pavel Emelianov committed fe075302f29
[PATCH] PI futex oops (mainstream) Serialization in PI futexes is severely broken, lots of bugs, lots. But only one is known which crashes kernel. It is possible that new pi state isadded to pi_state_list after the task did exit cleanup already. So that, when task struct is released pi_state list remains in corrupted state. Locally exploitable.